The IT Law Wiki


Computer security[]

An asset is

a major application, a general-support system, a high-impact program, a physical plant, a mission-critical system, personnel, equipment, or a logically related group of systems.[1]


Assets refer to "people, hardware, business applications and other software, and data on the firm's network.[2]


An asset is

[a]nything that has value to the organization, its business operations and their continuity.[3]
[a] major application, general support system, high impact program, physical plant, mission critical system or logically related group of systems. An asset is also a physical or intangible item of value to an organization or individual.[4]
[a]n item of value to achievement of organizational mission/business objectives.[5]

An asset is "a person, structure, facility, information, material, or process that has value."[6]


An asset is

1. Any resource — a person, group, relationship, instrument installation, supply — at the disposition of an intelligence agency for use in an operational or support role. 2. A person who contributes to a clandestine mission but is not a fully controlled agent.[7]


An asset is

[a] major application, general support system, high impact program, physical plant, mission critical system, personnel, equipment, or a logically related group of systems.[8]
[a] system resource that is (a) required to be protected by an information system's security policy, (b) intended to be protected by a countermeasure, or (c) required for a system's mission.[9]

An asset is

  • "[t]he target of protection in a security analysis."[10]


The term "asset" includes:

contracts, facilities, property, records, unobligated or unexpended balances of appropriations, and other funds or resources, personnel, intelligence, technology, or physical infrastructure, or anything useful that contributes to the success of something, such as an organizational mission; assets are things of value or properties to which value can be assigned; from an intelligence standpoint, includes any resource — person, group, relationship, instrument, installation, or supply — at the disposal of an intelligence organization for use in an operational or support role.[11]

"An asset may be tangible (e.g., a physical item such as hardware, firmware, computing platform, network device, or other technology component) or intangible (e.g., data, information, software, trademark, copyright, patent, intellectual property, image, or reputation). The value of an asset is driven by the stakeholders in consideration of life cycle concerns that include, but are not limited to, those concerns of business or mission."[12]


"Cyberspace may impact the same assets as the physical world, but probably in entirely new ways. For example, although privacy has been an asset in the physical world for several years, in cyberspace it may take on a whole new spin, as (i) the data gathered, (ii) the entities gathering such data, and (iii) the potential uses of such gathered data are of unprecedented scale."[13]


  1. FFIEC, IT Examination Handbook Infobase, Glossary (full-text).
  2. Report on Cybersecurity Practices, at 46 n.13.
  3. ISO/IEC 17799: 2000.
  4. DM3595-001, at 2.
  5. NIST Special Publication 800-160, App. B, at 166.
  6. National Infrastructure Protection Plan, at 109.
  7. OPSEC Glossary of Terms.
  8. CNSSI 4009.
  9. Internet Security Glossary 20 (RFC 4949) (Ver. 2) (Aug. 2007).
  10. Security & Resilience in Governmental Clouds, Glossary, at 90.
  11. DHS Lexicon Terms and Definitions, at 42.
  12. NIST Special Publication 800-160, at 2 n.3.
  13. The Red Book, at 7.

See also[]